Hiya All,
Thanks to everyone who attended the session. It was our first time hosting the Week Night Testing and great fun was had by all. Given we got twice as many attendees as expected, the interns here and I were not surprised when the lightweight cloud server came crashing down!
For those that didn’t attend, the application under test was a tweaked version of the Google cheesy-app-with-lots-of-holes called ‘Gruyere’ that’s available at: http://google-gruyere.appspot.com/
Do have a wander over there and play with the app, but also read the documentation. It’s a great introduction to some of the key vulnerabilities that web apps can suffer from. Take, for example, reflected and stored XSS: these are top of any list you read, from WHID to OWASP, and certainly something to become familiar with.
In the coming months we’ll be continuing our mission to spread the word of ‘regular’ testers getting into security testing. Look out for our article in the November issue of Testing Planet and we’ll be in London at the end of November at the London Tester Gathering too.
If you would like any info on the session discussed here or guidance on learning more about security testing, be sure to get in touch through our site at http://www.TestHats.com or follow us on Twitter @TestHats.
Please include me in this session. My Twitter ID: hosnyh
Thank you,